Home » Privacy Policy

How to use this Privacy Notice

There is a Glossary of terms at the end of this document to help you understand the meaning of some of the terms used in this Privacy Notice.

Introduction – please read me

Please read this Privacy Notice and any other privacy notice or fair processing notice we may provide on specific occasions carefully, as it is meant to help you understand what information we collect, why we collect it, and how you can update, manage, export and delete your information.

This Privacy Notice supplements the other notices and is not intended to override them.

Who we are

We are Waste Managed Limited (WML) a company incorporated and registered in England and Wales with company number  13631532 whose registered office is at 2nd floor, 41-51 Grey St, Newcastle upon Tyne, NE1 6EE and are part of the Everything Managed Group.  When we mention “we”, “us” or “our” in this Privacy Notice, we are referring to the relevant company in Everything Managed Group responsible for processing your data which will be clear to you when you engage with us.   Further details about us  can be found on Companies House and our website.

Controller

WML acts as the Controller for all the companies listed  below (and is registered with the ICO under number ZB278903) for all personal data covered by the scope of this Privacy Notice. This means that WML determines what data is collected, how this data is going to be used and how this data is protected.

The following companies and websites are in scope of this Privacy Notice:

Our commitment to you

We respect your right to privacy and are committed to protecting it and complying with Data Protection Law. We will always keep your Personal Data safe. We will be clear and open with you about why we collect your Personal Data and how we use it. Where you have choices or rights, we will explain them to you and respect your wishes.

How to contact us

If you have questions about this Privacy Notice or the processing of your Personal Data, please contact us at:

Postal address:

The Data Compliance Officer

2nd floor

41-51 Grey St,

Newcastle upon Tyne

NE1 6EE 

Email:

The Data Compliance Officer: gdpr@wastemanaged.co.uk

Personal information we collect about you

We may collect, use, store and transfer different kinds of Personal Data about you depending on our relationship with you

Identity data

Includes title, company name, job title, first name, last name, other names, date of birth, age or email address.

Other Identifiers

Telephone number, Account Identifiers, Bank Account Number, Bank Account Sort Code, what3words identifiers (https://what3words.com)

Contact data

Includes your contact address, billing address, email address or telephone and mobile number(s).

Loyalty Data

We may collect proof of purchase, invoice number, personal and company billing addresses or trade account numbers.

Transaction data

Includes details about payments to and from you and other details of services you have purchased from us.

Technical data

Includes IP address, your login information, time zone setting, browser plugin types and versions, operating system and platform, and other technology on the devices you use to access our website or our Apps.

Profile data

Includes your email and password, the services you have used on our website your use of social media functions on our Website.

Usage data

Includes information about how you use our Website ,the resources you access, pages you visit, the time and date of your visit or an email opened, the time spent on those pages, unique device identifiers, the URL (Uniform Resource Locator) clickstream to, through and from our website and other diagnostic data.

Candidate data

Includes information you have provided to us in your curriculum vitae, covering letter and/or application form, including name, title, address, telephone number(s), personal email address, date of birth, gender, employment history, qualifications, areas of specialisms.

This also includes any information you provide to us during an interview.

Marketing and communications data

Includes your preferences in receiving marketing from us and our third parties and your communication preferences and records of our correspondence  with you.

We may use technologies, such as Tracking Pixels (also called 1×1 pixels or pixel tags), to collect the above information from your interaction with emails we send you. This enables us to focus our marketing, leading to more relevant emails to our subscribers. It also helps us to identify subscribers that are not engaged with our marketing emails, enabling us to remove them from our send lists.

Chat sessions

This information includes online chat sessions and the chat history of previous sessions. For customer queries via chat sessions.

Special Category Personal Data

No special category data is collected by Waste Managed Ltd under this Privacy Notice.

Aggregated Data

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your Personal Data but is not considered Personal Data in law as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Website feature.

However, if we combine or connect Aggregated Data with your Personal Data so that it can directly or indirectly identify you, we treat the combined data as Personal Data, which will be used in accordance with this Privacy Notice.

How we get your Personal Data

We may use different methods to collect data from and about you through our partner websites, website, website live chat, website forms, by telephone, and through any related social media applications, including LinkedIn, Facebook and Twitter.

Personal Data provided directly by you

You may give us your Personal Data by filling in forms, surveys, questionnaires or assessments on our Website, by applying to work for or with us or by corresponding with us by post, phone, email, chat or otherwise. This includes Personal Data you provide when you:

  • Apps, Website or services, or to receive general, marketing or commercial information;

Data we collect when you use our Websites and Apps

Each time you interact with our Website, we will automatically collect Personal Data, including technical data about your device, your browsing actions and patterns, content and Usage Data. We collect this data using Cookies, server logs and other similar technologies like pixels, tags and other identifiers in order to remember your preferences, to understand how our Website and Apps are used, and to customise our marketing offerings and to continually improve customer journeys.

Please see our Cookie Notice for further details.

Information we receive from third parties

We may receive Personal Data about you from internal third parties, such as identity data, contact data, transaction data and profile data from companies who are a part of the Everything Managed Group.

We may also receive Personal Data about you from various external third parties such as device data from parties including :

  1. Google, Facebook and Instagram.
  2. LinkedIn;
  3. what3words

Information we receive from public sources

Identity and contact data from publicly available sources such as the UK Companies House and the electoral register inside the UK .Publicly available data sources are used for Postcode and address.

Unique application numbers

When you want to install or uninstall a service containing a unique application number or when such a service searches for automatic updates, that number and information about your installation, for example the type of operating system, may be sent to us.

How we use personal information

General

We need your Personal Data to conduct our business and provide you with our services. Most commonly we will use your Personal Data in the following circumstances:

  • Where you have consented before the processing.
  • Where we need to perform a contract, we are about to enter or have entered with you.
  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal or regulatory obligation.

UK GDPR Lawful Basis table

The table below describes the ways we plan to use your Personal Data, and which Lawful Basis we rely on to do so. We have also identified what our legitimate interests are where appropriate.

For more information on the Lawful Basis we use to process your data under the UK GDPR see our Lawful Basis table below or contact us.

Lawful Basis Table

LAWFUL BASISPURPOSE EXAMPLES
Contractual We use your Personal Data on the basis that it is necessary for us to provide our services and products to you.   When you sell or purchase a service and/or use our Apps and Website or register with us, you are entering into a contract with us.          Onboarding When you register as a new customer, supplier, claim an incentive or benefit or join one of our loyalty programs.   We may use your personal, contact, technical, profile and marketing and communication data.   Service delivery In order to be able to deliver our services or receive services in physical or digital form. To provide you with information, products or services that you requested from Waste Managed Ltd and to notify you about changes to our service. The fulfilment and distribution of physical and digital products to our users.   When we manage and store your chat sessions,   We use your personal, contact, technical, profile and marketing and communication data to deliver our services to you.   Account administration   We use Identity Data, Contact Data, Loyalty Data, Payment Data, Transaction Datato administer accounts. Relationship management To manage our relationship with you, which may include: Privacy Notice;   We use Identity Data, Other Identifiers, Contact Data, Transaction Data, Profile Data, Marketing and Communications Data, Chat Sessionsto manage our relationship with you.   Communication   To be able to contact you regarding updates or informative communications related to the functionalities, products, or contracted services, including security updates, when necessary or reasonable for their implementation.   Handling the information, you submit to us enables us to respond effectively. We may also keep a record of these queries to inform any future communications between us and to demonstrate how we communicated with you throughout our contractual relationship.   We use IdentityData, Contact Data, Transaction Data, Profile Data, Marketing and Communications Data and Chat Sessions tohelp us to communicate with you.
Legitimate interest  When we rely on this, we will carry out a Legitimate Interests Assessment to ensure we consider and balance any potential impact on you (both positive and negative), and your rights under Data Protection Law

Our legitimate business interests do not automatically override your interests – we will not use your Personal Data for activities where our interests are overridden by the impact on you unless we have your consent or are otherwise required or permitted to by law.    
Managing our business   We hold Personal Data for our own legitimate business interest. This relates to us managing our business to enable us securely to provide our service/products:   Website and Apps. and in the context of a business reorganisation or group restructuring exercise.   We may use your personal, contact, technical, profile and marketing and communication data.   It is necessary to process this personal data for our legitimate interests for running our business, delivery of our services, provision of administration and IT services, network security, to prevent fraud, and in the context of a business reorganisation or group restructuring exercise.   Provide and maintain Websites and Apps.    It is in our legitimate interests to process personal data for our legitimate interests for running our business, provision of administration and IT services, network security and  provide and maintain our Websites, Apps and platforms, including to monitor the usage of these, troubleshooting, data analysis and system testing necessary for our legitimate interests (for running our business, provision of administration and IT services, network security) and to limit our business, cyber  and legal risk.     The personal data we use to provide and maintain Websites and Apps includes Identity Data, Other Identifiers, Contact Data, Technical Data, Transaction Data, Profile Data, Chat Sessions, Usage Data, Loyalty Data, Candidate Data, Marketing and communications data, and Aggregated data. Recommendations and marketing   It is in our legitimate interests to use marketing to grow our business and ensure commercial viability by marketing to and we use personal data to:           We use personal data from existing clients for these purposes and this data includes Identity Data, Other Identifiers, Contact Data, Technical Data, Transaction Data, Profile Data, Chat Sessions, Usage Data, Loyalty Data, Candidate Data, Marketing and communications data, and Aggregated data.   Security   It is in our legitimate interests  to process personal  securely to maintain network security and: Website,Websites and systems are secure. to prevent financial and reputational loss to our business.  Recruitment of candidates (contractors, employees and providers)   We will use the personal information we collect about you to assess your skills, qualifications and suitability for the work.   It is in our legitimate interests to decide whether to appoint you to work with us since it would be beneficial to our business to appoint someone with the correct qualifications and experience  to be able to do  their job efficiently and beneficially to our company.   We use Identity Data, Contact Data, and Candidate Data to assess your suitability for a position and to communicate with candidates. Reviews   When we capture your service reviews, for example when you buy goods and services from us, we may follow it up with an enquiry about your experience of the service to help us gauge customer satisfaction.   It is in our legitimate interests to ensure our survival in a competitive market by ensuring that our services and goods are market appropriate and delivered satisfactorily to our clients and users.   We use Identity Data,  Contact Data, Transaction, Marketing and Communications Data, Chat Sessions to be able to properly communicate and respond to reviews. Research and analysis    For statistical analysis, so that we can monitor and improve services, Websites and Apps, or develop new ones and we  may also aggregate personal data for these purposes.   It is necessary to us and in our legitimate interests (to study how customers use our products/services, to develop them, to grow our business and to inform our marketing strategy).   We use Identity Data, Other Identifiers, Contact Data , Loyalty Data, Technical Data, Payment Data, Transaction Data, Profile Data, Candidate Data, Marketing and Communications Data, Chat Sessions, Aggregated Data and Usage Data for research and statistical analysis the type of personal data we use depends on the nature of  the research and analysis. Data analytics   We use data analytics to improve our Website, products/services, marketing, customer relationships and experiences.   Data Analytics are necessary to our business and in our legitimate interests to define types of customers for our products and services, to study how customers use our products/services so we are able to develop our products and services and keep our Website and services updated and relevant. We need this information to develop our business and to inform our marketing strategy to ensure the growth of our business.   We may use Technical Data, Payment Data, Transaction Data, Profile Data, Chat Sessions, Aggregated Data and Usage Data for data analytics. Rights and claims   It is in our legitimate interests to use personal data, where it is necessary, Website terms of use, our policy terms and conditions, or other contracts.     Necessary for our legitimate interests (for running our business, provision of administration and IT services, network security, to prevent fraud.   We may use Identity Data, Other Identifiers, Contact Data, Loyalty Data, Technical Data, Payment Data, Transaction Data, Profile Data, Candidate Data, Marketing and Communications Data, Chat Sessions, Aggregated Data, Usage Data for these purposes.  
Legal obligations   We may use your Personal Data to comply with laws (for example, if we are required to co-operate with a police investigation after a court order orders us to).    Legal requirement   The processing is necessary for compliance with our legal obligations, such as but not limited to security requirements and accounting requirements.   To comply with applicable law, for example in response to a request from a court or regulatory body, where such request is made in accordance with the law. We may use Identity Data, Other Identifiers, Contact Data, Loyalty Data, Technical Data, Payment Data, Transaction Data, Profile Data, Candidate Data, Marketing and Communications Data, Chat Sessions, Aggregated Data, Usage Data for these purposes. Data subject rights Verifying your identity when you exercise your data subject rights.   Fulfilling data subject rights requests.   We may use Identity Data, Other Identifiers, Contact Data, Loyalty Data, Technical Data, Payment Data, Transaction Data, Profile Data, Candidate Data, Marketing and Communications Data, Chat Sessions, Aggregated Data, Usage Data for these purposes, dependent on the Data Subject request itself. Criminal activity   To detect fraudulent or criminal activity, we may share information with law enforcement authorities such as the police.   We may use Identity Data, Other Identifiers, Contact Data, Loyalty Data, Technical Data, Payment Data, Transaction Data, Profile Data, Candidate Data, Marketing and Communications Data, Chat Sessions, Aggregated Data, Usage Data for these purposes.
Consent   We may have to get your consent to use your Personal Data, such as when we want  to email  you for marketing purposes etc.   We will get your consent before sending third-party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.   Wherever consent is the only reason for using your Personal Data, you have the right to change your mind and/or withdraw your consent at any time by clicking the Unsubscribe button at the bottom of an applicable email or our contact us form.Marketing  our products and services like email marketing newsletters generally.Apps.Websites, we may collect IP addresses and store Cookies on visitors’ devices.    We may use Identity Data, Contact Data, Technical Data, Marketing and Communications Data, Chat Sessions, for these purposes.  Installation   To install an App and register you as a new App user.   We may use Identity Data, Contact Data, Loyalty Data, Technical Data, Marketing and Communications Data, Chat Sessions and Usage Data for these purposes.    Push notifications We may also offer automatic (‘push’) notifications. We will provide push notifications only if you opt-in to receive them. You do not have to provide enable push notifications to use our mobile Apps.   We may useTechnical Data, Payment Data, Profile Data, and Usage Data forthese purposes.  

Using your data for other reasons

We will only use your personal information for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

If we need to use your personal information for an unrelated purpose, we will notify you and we will explain the Lawful Basis that allows us to do so.

Marketing and advertising

We may use your information to provide you with marketing communications about services within the Group if you have requested information from us or purchased services from us, unless you have opted out of receiving that marketing.

You can opt out of us using your personal information for marketing purposes by following the unsubscribe link included in each marketing email.

Where we are legally required to obtain your Consent to provide you with certain marketing materials, we will only provide you with such marketing materials where we have obtained such Consent from you.

Disclosing your Personal Data to others

Sharing your Personal Data safely

We require all third parties to respect the security of your Personal Data and to treat it in accordance with the law.

We do not allow our third-party service providers to use your Personal Data for their own purposes. We only permit them to process your Personal Data for specified purposes and in accordance with our instructions.

We ensure that the personal  data being supplied is also limited with the minimum being used for each of the services provided by the third-party service providers.

Who we share Personal Data with

We share your personal information within the Everything Managed Group of companies and we may share your personal information with the following organisations that help us manage our business and deliver our products, applications, or services, or where we are legally obliged to share information, including with:

·         Third parties we use to help us run our business such as Waste Carrier companies, marketing agencies website hosts, IT support system providers, contractors and our telephony system provider.

·          Our bank.

.          Organisations who provide business credit checking services

  • Google Analytics  we may send the 3rd party Page Information (URL, Title), Browser Information (Browser name, Viewport or Viewing pane, Screen resolution, Java enabled, Flash version), User Information (IP address, Language).

·         Third-party platforms to manage and deliver customer relationship management (CRM) such as 

Salesforce.

·         Third parties for the purposes of App development.

·         Other organisations for the purposes of fraud/crime protection and investigation.


We only allow those organisations to handle your personal data if we are satisfied, they take appropriate measures to protect your personal data. We also impose contractual obligations on them to ensure they can only use your personal data to provide services to us and to you.

We or the third parties mentioned above may occasionally also need to share personal data with:

·         external auditors, e.g., in relation to the audit of our accounts, in which case the recipient of the information will be bound by confidentiality obligations;

·         professional advisors (such as lawyers and other advisors), in which case the recipient of the information will be bound by confidentiality obligations;

·         law enforcement agencies, courts, tribunals and regulatory bodies to comply with our legal and regulatory obligations; or

·         other parties in connection with a significant corporate transaction or restructuring, including a merger, acquisition, asset sale, initial public offering or in the event of our insolvency—usually, information will be anonymised but this may not always be possible, however, the recipient of the information will be bound by confidentiality obligations.


If you would like more information about who we share our data with and why, please contact us .

Why we share your Personal Data

As a general principle, we share data in order to facilitate or improve our services or offers. We will get your express opt-in Consent before we share your Personal Data with any third party for marketing purposes.

You can opt out of us using your personal information for marketing purposes by following the unsubscribe link included in each marketing email or by contacting us via our contact us form.

From time to time, we may share Personal Data and other information that we have collected about you:

  • To get help in running our business, and delivering our products, Apps and services;
  • Where we are legally required to do so, such as in response to court orders or legal process, or to establish, protect or exercise our legal rights or to defend against legal claims or demands;
  • Where we are acquired by or merged with another entity (in which case we will require such entity to assume our obligations under this Privacy Notice or inform you that you are covered by a new privacy notice);
  • If we believe it is necessary in order to investigate, prevent or act regarding illegal activities, fraud, or situations involving potential threats to the rights, property or personal safety of any person, or other exigent circumstances; or
  • If we believe it is necessary to investigate, prevent or act regarding situations that involve abuse of our infrastructure or the Internet in general (such as voluminous spamming, denial-of-service attacks, or attempts to compromise the security of the Website infrastructure), or to otherwise protect our assets or rights.

Sharing your Personal Data overseas

Please note that we may send personal information outside of the country generally for, but not limited to, reasons relating to processing and storage by our service providers. For example, we may have staff or third party organisations operating outside of the UK but managing and operating our systems, Cloud storage providers with data storage facilities in the US or other countries.

When we do this, we will ensure it has an appropriate level of protection and the transfer is made in line with Data Protection Law. Often, this protection is set out under a contract with the organisation that receives that information. You can find more details of the protection given to your information when it is transferred overseas by contacting us.

Data security

We have put in place appropriate security measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those employees, agents, contractors and other third parties that have a business need to know. They will only process your Personal Data on our instructions, and they are subject to a duty of confidentiality.

We periodically test the security of our systems to check for vulnerabilities.

Keep safe online

Unfortunately, the transmission of information via the Internet is not completely secure. Although we will do our best to protect your Personal Data, we do not have any control over what happens between your device and the boundary of our information infrastructure. You should be aware of the many Information Security Risks that exist and take appropriate steps to safeguard your own information.

If you want detailed information from Get Safe Online on how to protect your information and your computers and devices against fraud, identity theft, viruses and many other online problems, please visit www.getsafeonline.org. Get Safe Online is supported by HM Government and leading businesses

Encryption

Waste Managed Ltd uses AES technology (ies) for encrypting confidential and other firm sensitive data, unless documented through the exception process as described below. Symmetric cryptosystem key lengths must be at least 256 bits for both confidential data and other sensitive information identified by Group Asymmetric crypto-system keys must use a minimum key length of 3072 bits.

All encryption mechanisms implemented to comply with this policy support a minimum of, but not limited to AES 256-bit encryption  ie “AES 256 CBC, AES 256 GCM”>.

The use of proprietary encryption algorithms is not allowed for any purpose.

Group key length requirements will be reviewed annually and upgraded as technology allows.

Breaches

We have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.

Third-party websites, plugins and services links to other websites

You should be aware that information about your use of the Website (including your IP address) may be retained by your ISP (Internet Service Provider)  , the hosting provider and any third party that has access to your Internet traffic.

Our Website and Apps may contain links to third-party websites and plugins, for instance a social media login plugin. If you choose to use these websites, plugins, or services, you may disclose your information to those third parties. 

We are not responsible for the content or practices of those websites, plugins, or services. The collection use and disclosure of your Personal Data will be subject to the privacy notices of these third parties and not this Privacy Notice. We urge you to read the privacy and cookie notices of the relevant third parties.

Use by children

We do not target children, and our Website, Services and Apps are not intended to attract children.

If a parent or guardian notifies us, or it is discovered by other means, that a minor under the age of 18 has provided their Personal Data to us, we will promptly delete the minor’s Personal Data that is in our possession.

Retention of your Personal Data

We will keep your Personal Data in line with our data retention policy for no longer than is necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, accounting or reporting requirements.

To determine the appropriate retention period for Personal Data, we consider the amount, nature and sensitivity of the Personal Data, the risk of harm from unauthorised use or disclosure of your Personal Data, the purposes for which we process your Personal Data and whether we can achieve those purposes through other means, and the applicable legal requirements.

You can contact us if you have questions relating to how long we will keep your personal data.

Cookies

We use Cookies and similar technologies like pixels, tags, and other identifiers to remember your preferences, to understand how our Website and our Apps are used, and to customise our marketing offerings.

Further details can be found in our Cookie Notice.

Rights of data subjects

You have several rights under Data Protection Law. The rights available to you depend on our reason for processing your information and are set out in the Table of your rights of Rights. Information on your rights under Data Protection Law can also be found at https://ico.org.uk/for-the-public/.

Table of your rights

YOUR RIGHTDETAILS
Right to be informedWe have a legal obligation to provide you with concise, transparent, intelligible, and easily accessible information about your personal information and our use of it. We have written this Privacy Notice to do just that, but if you have any questions or require more specific information, you can contact us.  
Right of accessYou have the right to ask us for copies of your personal information. This right always applies. There are some exemptions, which means you may not always receive all the information. When you request this data, this is known as making a data subject access request (DSAR). In most cases, this will be free of charge; however, in some limited circumstances, for example repeated requests for further copies, we may apply an administration fee. You can use this form to exercise your right to access.  
Right to rectificationYou have the right to ask us to rectify information you think is inaccurate. You also have the right to ask us to complete information you think is incomplete. This right always applies. You can use this form to exercise your right to rectification.  
Right to erasureYou have the right to ask us to erase your personal information in certain circumstances. We have the right to refuse to comply with a request for erasure if we are processing the Personal Data for one of the following reasons:
To exercise the right of freedom of expression and information.
To comply with a legal obligation.
To perform a task in the public interest or exercise official authority.
For archiving purposes in the public interest, scientific research, historical research
or statistical purposes.
For the exercise or defence of legal claims.
Right to restriction of processingYou may ask us to stop processing your Personal Data. We will still hold the data but will not process it any further. This right is an alternative to the right to erasure. If one of the following conditions applies, you may exercise the right to restrict processing:   Personal Data is contested.Personal Data is unlawful.Personal Data for processing, but the Personal Data is required for part of a legal process..   You can use this form to exercise your right to restriction of processing.  
Right to object to processingYou have the right to object to processing in certain circumstances. You can also object if the processing is for a task carried out in the public interest, the exercise of official authority vested in you, or your legitimate interests (or those of a third party).   You can use this form to exercise your right to object to processing.  
Right to data portability This right only applies if we are processing information based on your Consent or for the performance of a contract and the processing is automated.   You can use this form to exercise your right to restriction to data portability  .  

How to exercise your rights

If you would like to exercise any of those rights, email, call or write to us.

In most circumstances, you do not need to pay any charge for exercising your rights. We have one month to respond to you. 

More Information about your rights

For further information on each of those rights, including the circumstances in which they do and do not apply, please contact us. You may also find it helpful to refer to the guidance from the UK’s Information Commissioner on your rights under the UK GDPR.

How you can complain to or about us

We hope that we can resolve any query or concern you raise about our use of your information. Please contact us first and title your email “Complaint”. All complaints will be treated in a confidential manner and we will try our best to deal with your concerns. We committed to manage complaints promptly, effectively and fairly.

You have the right to lodge a complaint with a Supervisory Authority where any alleged infringement of Data Protection Law occurred.

The Supervisory Authority in the UK is the ICO, which may be contacted at https://ico.org.uk/concerns or by telephone on 0303 123 1113.  

Glossary

Aggregated Datameans data that can be compiled from numeric or non-numeric data.   The data is collected and summarised for the purpose of statistical analysis or reporting. It is limited to recognising general trends due to the non-specific nature of the information.   It could be derived from your personal data but is not considered personal data in law as this data will not directly or indirectly reveal your identity.  
  
App(s)means an application thatisa computer program or piece of software designed for a particular purpose that you can download onto a mobile phone or other mobile device.   Apps Currently no Waste Managed Ltd  apps are available.
ConsentThe UK GDPR. sets a high standard for consent , consent should be given by a clear affirmative act establishing a freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. Consent | ICO  
Controllermeans the natural or legal person, public authority, agency or any other entity or person who alone or jointly with others determines the purposes and means of the processing of personal data.   Our entry as a Controller on the ICO’s Data protection register can be found on the ICO website here.
Cookiesmeans a small file of letters and numbers that is stored on a browser or the hard drive of a computer.  Cookies contain information that is transferred to a computer’s hard drive.   Controllers must have users’ informed Consent before storing Cookies or similar technologies  on a user’s device and/or tracking them.  We have a Cookie Notice which is available upon request. The ICO provides information about Cookies here.  
DPA 2018  UK Data Protection Act 2018 Data Protection Act 2018 (legislation.gov.uk)  
Data Protection Lawmeans all applicable data protection and privacy legislation in force from time to time including the UK GDPR the Electronic Communications Directive 2002/58/EC (as updated by Directive 2009/136/EC) and the Privacy and Electronic Communications Regulations 2003 (SI 2003 No. 2426) as amended, and any other legislation relating to personal data and all other legislation and regulatory requirements in force from time to time that apply to the use of personal data.  
Encryption is the process that scrambles readable text so it can only be read by the person who has the secret code, or decryption key. It helps provide data security for sensitive information.   For more information see the Encryption | ICO
  
  
ICOmeans the Information Commissioner’s Office, the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Home | ICO  We are ICO Compliant with certification available upon request.
Information Security Riskscomprises the impacts on individuals or organisations that could occur due to the threats and vulnerabilities associated with the operation and use of information systems and the environments in which those systems operate.   Security | ICO  
Lawful Basisunder the UK GDPR, you must have a valid lawful basis to process personal data.   Lawful Basis of processing personal data   There are six lawful bases for processing personal data available:   (a) Consent: the individual has given clear consent to the processing of their personal data for a specific purpose. (b) Contract: the processing is necessary for a contract, or because specific steps have been taken before entering into a contract. (c) Legal obligation: the processing is necessary for compliance with the law (not including contractual obligations). (d) Vital interests: the processing is necessary to protect someone’s life. (e) Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law. (f) Legitimate interests: the processing is necessary for an organisation’s legitimate interests or the legitimate interests of a third party, unless there is a good reason to protect the individual’s personal data that overrides those legitimate interests. (This cannot apply if an organisation is a public authority processing data to perform its official tasks.)   For more information Lawful basis for processing | ICO   Special category data  Special category data is personal data that needs more protection because it is sensitive.    In order to lawfully process special category data, you must identify both a lawful basis under Article 6 of the UK GDPR  and a separate condition for processing under Article 9. These do not have to be linked.  
Legitimate Interests Assessment (LIA)is a form of risk assessment and should be conducted by an organisation when your personal data processing is based on legitimate interest. The LIA is split into three steps:   Legitimate interest assessment (LIA) | ICO  
  
Personal Datathis is also referred to as “personal information” and it means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.  
 
Personal Data Breach      means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored, or otherwise processed. Personal data breaches | ICO  
Privacy Notice(also sometimes called a privacy policy or fair processing notice) is a public document from an organisation that explains how that organisation processes personal data and how it applies data protection principles under Articles 1213 and 14 of the UK GDPR.  
Processor means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Controller. Processors act on behalf of the relevant Controller and under their authority. In doing so, they serve the Controller’s interests rather than their own.  
Special Category Personal Datasome of the personal data that organisations process is more sensitive and needs higher protection. Under the UK GDPR, this is known as ‘special categories of personal data, and includes information about a person’s:   In order to lawfully process special category personal data, we must identify both a lawful basis under Article 6 of the UK GDPR and a separate condition for processing under Article 9. These do not have to be linked.   There are ten conditions for processing special category data in Article 9 of the UK GDPR.   Five of these require us to meet additional conditions and safeguards set out in UK law, in Schedule 1 of the DPA 2018.  
Special Category Personal Data Conditions for Processingthe conditions for processing special category data:     Special category data | ICO  
Supervisory Authoritiesmeans the data protection authority tasked with supervising EU GDPR compliance in each member state of the European Union.    
Tracking Pixelsa tracking pixel is an HTML code snippet which is loaded when a user visits a website or opens an email. It is useful for gathering information about visitors on a website—how they browse, what type of ads they click on, etc.  
UK GDPRmeans the GDPR as transposed into United Kingdom national law by operation of section 3 of the European Union (Withdrawal) Act 2018, together with the DPA 2018, the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019, and other data protection or privacy legislation in force from time to time in the United Kingdom. The UK GDPR | ICO  
Website https://www.wastemanaged.co.uk/including all subdomains thereof, present and future.  
Get a Quote Call Us